privacy policy

saluto is an independent wellness platform operated by saluto wellness inc., registered in quebec, canada. the data controller (within the meaning of gdpr, art. 4(7)) and the person responsible for the protection of personal information (within the meaning of law 25, art. 3.1) is camille laurent, founder.

you can reach us at any time at [email protected].

we keep data collection to the strict minimum. concretely, three cases:

a. what you enter into the bmi calculator

never transmitted

the height, weight, age and sex you enter into the calculator are processed entirely in your browser. these values are never sent to saluto, to any third-party provider, or to any database. close the tab and everything is gone.

b. technical logs (cloudflare)

our site is hosted on cloudflare pages. like any web server, cloudflare automatically logs certain technical information tied to each request:

c. emails you send us

if you write to [email protected], your message passes through cloudflare email routing before being delivered to a private gmail inbox. we see your email address, the message content, and any attachment — exactly as in any email exchange.

site security. technical logs let us detect and block abuse, and understand outages when they happen.

communication. to reply to the emails you send us. that is the sole use of incoming messages.

no marketing. we do not use any data for advertising, profiling, or resale. there is currently no mailing list or newsletter.

under gdpr, art. 6 and law 25, art. 12, we rely on two legal bases:

legitimate interest for technical security logs — proportionate, limited, and necessary to operate the service properly.

consent for email correspondence — sending an email to saluto constitutes express consent to processing the content of that message for the sole purpose of replying to it.

we do not sell or rent any data. we rely on two technical providers only:

cloudflare, inc. — hosting (cloudflare pages) and email delivery (email routing). cloudflare acts as a processor within the meaning of gdpr, art. 28.

google llc — final destination for received emails (gmail inbox).

there are currently no advertisers, no analytics platforms (no google analytics, no meta pixel, no mixpanel), and no sharing for commercial purposes.

cloudflare technical logs: kept according to cloudflare's retention policy, generally a few days to a few weeks. we do not keep an additional copy.

emails: kept while the conversation is active, and for up to 24 months after the last exchange, unless you ask for earlier deletion.

bmi calculator data: none — it exists only in your browser, until you close the tab.

depending on where you live, you have the following rights. we honour them free of charge, within a maximum of 30 days.

right of access. you may request a copy of the information we hold about you. (law 25, art. 27; gdpr, art. 15; lgpd, art. 18, ii)

right to rectification. you may request correction of inaccurate or incomplete information. (law 25, art. 28; gdpr, art. 16; lgpd, art. 18, iii)

right to deletion. you may ask us to delete your information, including past emails, where the law permits. (gdpr, art. 17; lgpd, art. 18, vi)

right to portability. you may receive your data in a structured, machine-readable format. (law 25, art. 27; gdpr, art. 20; lgpd, art. 18, v)

withdrawal of consent. you may withdraw your consent at any time, without affecting the lawfulness of prior processing. (gdpr, art. 7(3); lgpd, art. 8, § 5)

right to complain. you may file a complaint with the competent authority — see the contact section.

to exercise any of these rights, write to [email protected] with your request. we may ask for reasonable proof of identity before acting, in accordance with law 25, art. 32.

cloudflare and google are american companies. your technical data (logs, emails) may therefore be processed outside quebec and the european union, primarily in the united states.

these transfers are governed by the european commission's standard contractual clauses and, where applicable, the eu-us data privacy framework. we conduct a privacy impact assessment before any new transfer, as required by law 25, art. 17.

essential only

saluto currently uses no analytics or tracking cookies. the only cookies set are essential functional cookies by cloudflare for security (e.g. a short-lived anti-bot cookie). no advertising cookies, no social pixels, no mixpanel or heap.

if we ever add an analytics tool, we will update this section and present a compliant consent banner before any non-essential cookie is set.

saluto is not directed at children under 14 and we do not knowingly collect their information. if you are a parent or guardian and believe your child has sent us information, write to [email protected] and we will delete it promptly.

the person responsible for the protection of personal information is camille laurent, founder of saluto. you can reach her at [email protected].

if you believe your rights have not been respected, you can file a complaint with the commission d'accès à l'information du québec. eu residents may contact their national supervisory authority; brazilian residents may contact the autoridade nacional de proteção de dados (anpd).

we will update this policy as our practices evolve — a new service, a new provider, a new legal basis. the date at the top of the page always reflects the current version.

for significant changes, we will display a notice on the home page for at least 30 days and, if we have your email for another reason, we will write to you.